MicrosoftAlex_Mihaiuc it's looks like this. is it normal? I saw it start from first v14.
MicrosoftOh, hqqddy, I saw such problems with v14 and I thought they were all fixed. I would owe you one if you could provide a more detailed description so I can get a fix out. Either here or via mail at "syssite".
Alex_Mihaiuc well it's failed to disable components is Installed components for i.e. Is it new normal behaviour? We (ok I am) look at builds v13.x and it works fine.
MicrosoftJosephMy It appears you have a mix between v13.24 and v13.30. I think that in your case the previous version was not fully uninstalled before getting to v13.30. Completely remove sysmon with:
sysmon64 -u forcethen make sure that C:\Windows\sysmon64.exe doesn't exist anymore and start again v13.30.
hqqddy is this still the crash with rundll entries containing spaces?
Autoruns is still broken 
In the Sysmon zip file, Sysmon64.exe shows a file and product version of 13.30. However, upon installation, it displays v13.24. Additionally, once installed, C:\Windows\Sysmon64.exe displays a file and product version of 13.24, as does the C:\Windows\SysmonDrv.sys. Is this the latest version of 13.30? Or is the product version incorrectly listed on install and post-install?
